
As has been pointed out by the link, the right source is auditing events of the Windows Filtering Platform.

We can output the needed data with the following cmd script:

    @echo off
    for /f "tokens=2 delims==" %%s in ('wmic os get LocalDateTime /value') do set datetime=%%s
    Auditpol /set /subcategory:

With get Message /value instead of get InsertionStrings in the wmic command, the output is more informative but also much longer:

    Message=The Windows Filtering Platform has blocked a packet.
    Application Name: \device\harddiskvolume2\path\to\program.exe

These are just excerpts from the security log, which are accessible in the GUI too.

This VBScript will enumerate through the Windows Firewall rule settings:

    ' This VBScript file includes sample code that enumerates
    ' Windows Firewall rules using the Microsoft Windows Firewall APIs.
    Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
    CurrentProfiles = fwPolicy2.CurrentProfileTypes
    '// The returned 'CurrentProfiles' bitmask can have more than 1 bit set if multiple profiles
    '// are active or current at the same time
